構(gòu)建智能ICT基礎(chǔ)設(shè)施安全主動(dòng)防御體系Buildanintelligentproactivesecurityprotectionsystem

forICT

infrastructure60%23萬(wàn)億$風(fēng)險(xiǎn)叢生效率提升Increased

efficiency到2025年，智能聯(lián)接會(huì)撬動(dòng)23萬(wàn)億美元的機(jī)會(huì)By2025,smartconnectionswillcreateopportunitiesworthUSD23

trillion.到2020年，60%的數(shù)字化公司將遭遇重大的服務(wù)故障By2020,60%ofdigitalcompanieswillencountermajorservice

faults.Considerable

risks電力電網(wǎng)智能化Smart

grid電表、工作站成為攻擊入口Electricalmetersand

workstationsasattackentry

points提升投資效率ROI

improvement入侵入口增加Increasedintrusion

entrypoints新技術(shù)融合Convergenceof

newtechnologies互聯(lián)網(wǎng)業(yè)務(wù)引入新風(fēng)險(xiǎn)Newrisksbroughtby

Internetservices優(yōu)化城市治安Heightenedcity

security攝像頭非法控制Unauthorizedcamera

control關(guān)鍵ICT基礎(chǔ)設(shè)施面臨前所未有的安全挑戰(zhàn)CriticalICTinfrastructureisfacing

unprecedentedsecurity

challenges.5G網(wǎng)絡(luò)提速Network

acceleration海量終端訪問(wèn)控制Accesscontrolovernumerous

terminalsElectric

Power電信Telecom交通Transportation平安城市Safe

City16年10月，Mirai攻陷了超過(guò)200萬(wàn)臺(tái)攝像頭等IoT設(shè)備，導(dǎo)致美國(guó)大面積斷網(wǎng)。物聯(lián)網(wǎng)終端2020年將達(dá)200億，如何避免成為黑客利用對(duì)象？InOctober2016,Miraiinfectedover2millionIoTdevices,especiallysecuritycameras.Asaresult,thenetworkfailedtoprovideservicesinmostareasoftheUS.By2020,therewillbe

20

billion IoTterminals.Howcanwepreventhackersfromexploitingthese

terminals?InOctoberandNovember2017,thee-governmentcloudsofmultipleprovinceswereinfectedwithminingTrojanhorses,andthee-governmentservicewasunavailableforseveralhours.This

newtypeofattackaimstostealsystemresourcesandgaindigitalcurrency,substitutingfordatatheftand

extortion.17年10月-11月，多省政務(wù)云被挖礦木馬感染，導(dǎo)致電子政務(wù)業(yè)務(wù)中斷長(zhǎng)達(dá)數(shù)小時(shí)。這種新型攻擊形態(tài)以竊取系統(tǒng)資源并賺取數(shù)字貨幣為目的，取代了以往的攻擊手段。交通Transportation制造Manufacturing政府Government金融Finance能源Energy平安城市Safe

city云計(jì)算 5G IoTCloud

computing

5G IoT電信Telecom如何保障ICT基礎(chǔ)設(shè)施的安全HowtoensureICTinfrastructure

security問(wèn)題一：安全是獨(dú)立于ICT基礎(chǔ)設(shè)施的存在嗎？Question1:IssecurityindependentofICT

infrastructure?@制造臺(tái)積電勒索軟件事件TSMCransomware

incident思考：這種問(wèn)題安全體系若孤立存在，如何面對(duì)？Thinking:Howcanwedealwithsuchissuesifthesecuritysystemis

separate?H

O

W

?8月3日午夜，位于新竹科學(xué)園區(qū)的12英寸晶圓廠和營(yíng)運(yùn)總部因電腦遭遇病毒而生產(chǎn)線停擺，幾小時(shí)之后，其他園區(qū)也遭遇同樣情況Atmidnight

onAugust

3,2018,

the

12-inch

wafer

plant

and

operations

headquarters

in

the

HsinchuScience

Park

suffereda

computer

virusattack,

andthe

productionlinegroundtoahalt.Severalhourslater,thesamesituationoccurredinother

campuses.8月6日下午，臺(tái)積電確認(rèn)該公司此次遭遇的病毒為“WannaCry”，損失超10億元RMBIntheafternoonofAugust6,TSMCconfirmedthattheviruswasWannaCryandthelossexceededCNY1

billion.FW/IPSFW/IPS工業(yè)園區(qū)Industrial

park新加入電腦Newlyconnected

computer·@政府思考：?jiǎn)蝹€(gè)攝像頭被暴力破解容易防備，若

1萬(wàn)個(gè)攝像頭分別被嘗試登陸5次，如何發(fā)現(xiàn)并防御？平安城市攝像頭被暴力破解Bruteforcecrackingofsafecity

camerasThinking:Itisrelativelyeasytopreventthebruteforcecrackingofasinglecamera,buthowcanwedetect

andpreventmalicioususersmaking5consecutiveloginattemptstoeachof10,000cameras?H

O

W

?…問(wèn)題二：安全產(chǎn)品兢兢業(yè)業(yè)、各司其職，是不是就可以了？Question2:Isitsecureifsecurityproductsallfunctionproperlyandfulfilltheir

roles?防火墻AntiDDoS入侵防御WEB應(yīng)用防火墻終端安全FirewallAntiDDoSIPSWAFTerminal

security@交通公路收費(fèi)網(wǎng)絡(luò)在“完備”的保護(hù)下被入侵Intrusionintoahighwaytollnetworkwithadequate

protectionThinking:Thesecuritysystemdiscoveredtheintrusionbutfailedtohandleitpromptly.

Howcanweresolvethis

issue?H

O

W

?思考：安全大腦發(fā)現(xiàn)了入侵行為，卻錯(cuò)過(guò)了處置時(shí)機(jī)，何解？全網(wǎng)威脅監(jiān)控Network-widethreat

awareness一卡通Smart

card公眾出行服務(wù)Public

transportationservice視頻監(jiān)控Video

surveillance收費(fèi)Billing管理Management辦公系統(tǒng)Office

system問(wèn)題三：有一個(gè)智能的安全大腦是否就夠了？Question3:Isitsufficienttohaveanintelligentsecurity

system?@金融銀行：打造智能安全大腦的成本有多高？Bank:Howmuchdoesitcosttobuildanintelligentsecurity

system?Thinking:Whatcanwedogiventhatthehighcostof

buildinganintelligentsecuritysystemhindersits

popularity?H

O

W

?思考：這么高的智能安全大腦打造成本阻礙了它的普及，怎么辦？金融全網(wǎng)安全分析平臺(tái)DC分行BranchInternet全網(wǎng)探針，高額的投入Networkprobe,high

investmentFinancialnetwork-wide

securityanalysis

platform辦公區(qū)Office與ICT基礎(chǔ)設(shè)施充分配合，業(yè)務(wù)驅(qū)動(dòng)云上和云下智能聯(lián)動(dòng)，集中智能和邊緣智能配合基于軟件定義的安全產(chǎn)品間動(dòng)態(tài)配合，開(kāi)放架構(gòu)基于軟件定義安全（SDSec）解決方案架構(gòu)的HiSec華為智能安全解決方案HuaweiIntelligentSecuritySolution(HiSec)basedonSoftware-DefinedSecurity(SDSec)

ArchitectureOn-andoff-cloudintelligentlinkage,

centralizedintelligence&edge

intelligenceFullcollaborationwithICT

infrastructure,business-drivenDynamiccollaborationbetween

software-definedsecurityproducts,open

architecture本地智能

Local

intelligence分析器CISFireHunter5GIoT云端智能Cloud

intelligence控制器SecoManagerAgile

ControllerSwitchRouterWIFIAntiDDoSIPS邊緣智能

Edge

intelligencePCWAFFirewall平安城市

Safe

city云計(jì)算

Cloud

computingAnalyzerController華為云EIHuaweiCloud

EI聯(lián)動(dòng)處置④聯(lián)動(dòng)網(wǎng)絡(luò)執(zhí)行單元NGFWSecoManager安全·控··制器

vNGFW③聯(lián)動(dòng)安全執(zhí)行單元②安全威脅事件分析網(wǎng)絡(luò)控制器···Switch vSwitch⑤安全隔離策略執(zhí)行①安全威脅數(shù)據(jù)采集通過(guò)安全與ICT基礎(chǔ)設(shè)施的配合，優(yōu)雅地解決“臺(tái)積電”難題Effectivelyresolvingissuessimilartothoseencounteredby

TSMCthroughthecooperationofsecurityandICT

infrastructure威脅擴(kuò)散范圍從區(qū)域邊界降低為主機(jī)邊界Threatspreadscopedecreasedfromtheareabordertothehost

border威脅響應(yīng)能力從安全孤島升級(jí)為聯(lián)合戰(zhàn)線Threatresponsivenessupgradedfrom

securityislandstojoint

frontsEDR控制中心EEEEEEEDR客戶端信息收集上送終端處置策略下發(fā)CIS日志采集器感染范圍分析安全威脅事件分析EDR聯(lián)動(dòng)FireHunter

沙箱調(diào) 聯(lián)查 動(dòng)取 處證 置通過(guò)安全分析大腦和不同廠商終端安全產(chǎn)品的配合，快速地應(yīng)對(duì)高級(jí)安全風(fēng)險(xiǎn)Quicklyrespondingtoadvancedsecurityrisksthroughcollaborationbetweenthesecurityanalysissystemandmulti-vendorsecurity

products1 終端威脅調(diào)查取證Terminalthreatinvestigationandevidence

collection2 終端威脅事件溯源Terminalthreateventsourcetracing3 終端威脅聯(lián)動(dòng)響應(yīng)Terminalthreatjoint

response4 終端威脅可視化Terminalthreat

visualizationEE邊緣智能安全網(wǎng)關(guān)部署高級(jí)安全分析能力邊緣智能安全網(wǎng)關(guān)將通信壓力分散到了邊緣節(jié)點(diǎn)，減少實(shí)時(shí)數(shù)據(jù)傳輸Capex

80%90%帶寬占用1s威脅檢測(cè)時(shí)間Firewall10sTheedgeintelligencesecuritygatewaysupportsadvancedsecurityanalysis.Theedgeintelligencesecuritygatewaydistributescommunicationtraffic

toedgenodes,reducingreal-timedata

transmission.邊緣智能和云端智能深度聯(lián)動(dòng)，提升邊緣安全網(wǎng)關(guān)威脅檢測(cè)能力Edgeintelligenceandcloudintelligencecollaboratecloselyto

improvethethreatdetectioncapabilityoftheedgeintelligencesecurity

gateway.Threatdetection

timeBandwidth

usage數(shù)據(jù)同步Data

synchronization控制管理Controla